使用 PHP cURL 提交登录时的 CodeIgniter CSRF 问题
标签:php, codeigniter, curl, login, token

问题出在哪里,我不明白。目标站点使用 CodeIgniter 框架,我用 cURL 提交登录时收到消息:“遇到错误,不允许您请求的操作。”我认为问题出在 CodeIgniter 的 CSRF 保护上?应该如何连接?代码如下:
private$url='1〕http://domain';
私有$username='username';
private$password='password';
公共函数构造()
{
#日志#
self::console('TOKEN:'.self::getToken().'COOKIE:'.self::getCookie());
#卷曲#
self::curl(
“/admin/ajax/login”,
排列(
'token'=>self::getToken(),
'username'=>this->username,
“密码”=>$this->password
)
);
}
私有函数curl($url,$fields=null)
{
$ch=curl_init();
curl_setopt($ch,CURLOPT_头,0);
curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0(X11;Linux x86_64)AppleWebKit/537.36(KHTML,像Gecko)Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch,CURLOPT_URL,$this->URL.$URL);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch,CURLOPT_TIMEOUT,600);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl\u setopt($ch,CURLOPT\u POSTFIELDS,!empty($fields)?http\u build\u query($fields):null);
curl_setopt($ch,CURLOPT_COOKIEJAR,dirname(_文件)'\cookie.txt');
curl_setopt($ch,CURLOPT_COOKIEFILE,dirname(uuu FILE_uu)。'\cookie.txt');
$result=curl\u exec($ch);
if(旋度误差($ch))
{
返回“Curl error:”。Curl_error($ch);
}否则{
返回打印结果($result);
}
卷曲关闭($ch);
}
私有函数getCookie()
{
$ch=curl_init();
curl_setopt($ch,CURLOPT_头,1);
curl_setopt($ch,CURLOPT_TIMEOUT,600);
curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0(X11;Linux x86_64)AppleWebKit/537.36(KHTML,像Gecko)Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch,CURLOPT_URL,$this->URL.'/admin/ajax/login');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$result=curl\u exec($ch);
preg_match('/^Set Cookie:\s*([^;]*)/mi',$result,$value);
parse_str($value[1],$cookies);
返回$cookies['bopsystoken'];
}
私有函数getToken()
{
$ch=curl_init();
curl_setopt($ch,CURLOPT_头,0);
curl_setopt($ch,CURLOPT_TIMEOUT,600);
curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0(X11;Linux x86_64)AppleWebKit/537.36(KHTML,像Gecko)Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch,CURLOPT_URL,$this->URL./login');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$result=curl\u exec($ch);
if(旋度误差($ch))
{
返回“Curl error:”。Curl_error($ch);
}否则{
preg_match('/type=“hidden”name=“token”value=“(.*)”/mi',str_replace(数组(“\n”、“\r”、“\t”)、“”,$result)、$token);
返回$token[1];
}
卷曲关闭($ch);
}
专用功能控制台($e)
{
echo'console.log(“.$e.”);
}
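CSRF 是跨站点请求伪造(Cross-Site Request Forgery)。此错误来自您请求的服务器:CodeIgniter 的 CSRF 校验会把表单中提交的令牌与请求所带的 CSRF cookie 进行比对,两者不一致时就会拒绝请求,因此取令牌的请求和提交登录的请求必须共用同一份 cookie。此外,代码中调用非静态方法的写法有误。在 get_token 函数中,使用 preg_match 获取由 $this->security->get_csrf_hash() 生成的令牌的值。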
// Base URL of the target site; every request path is appended to it.
// NOTE(review): with a plain http:// URL the login POST (username, password and
// CSRF token) travels unencrypted — use an https:// URL for any real host.
private $url = 'http://domain';
// Credentials posted to the login endpoint by the constructor.
// NOTE(review): these are placeholders; real credentials belong in configuration or
// environment variables kept out of version control, not in the source file.
private $username = 'username';
private $password = 'password';
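/**
 * Performs the login round-trip as soon as the object is created.
 *
 * Fetches the CSRF token from the login page, logs it together with the
 * session cookie, then posts the token and the credentials to the AJAX
 * login endpoint.
 */
public function __construct()
{
    // Fetch the token exactly once. The original called getToken() twice, which
    // issued two separate requests, so the token that was logged was not
    // necessarily the token that was submitted.
    $token = $this->getToken();

    # LOG #
    // NOTE(review): this writes the CSRF token and a session cookie into the page
    // output. Keep it for local debugging only; remove it before the page is
    // served to anyone else.
    $this->console('TOKEN:' . $token . ' COOKIE:' . $this->getCookie());

    # CURL #
    // Instance methods are called through $this rather than self::, which is
    // reserved for static members.
    $this->curl(
        '/admin/ajax/login',
        array(
            'token' => $token,
            'username' => $this->username,
            'password' => $this->password
        )
    );
}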
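/**
 * Sends a request to $this->url . $url and prints the response body.
 *
 * When $fields is a non-empty array it is URL-encoded and sent as a POST body;
 * otherwise a plain GET is issued. Cookies are loaded from and saved to
 * cookie.txt next to this file.
 *
 * @param string     $url    Path appended to the base URL.
 * @param array|null $fields Form fields to POST, or null for a GET request.
 *
 * @return string|bool 'Curl error: ...' on transport failure, otherwise the
 *                     return value of print_r() after the body has been printed.
 */
private function curl( $url, $fields = null )
{
    // The path expression is kept exactly as before so every request that uses
    // this jar resolves to the same file. The backslash is a literal character:
    // on non-Windows hosts it becomes part of the file name.
    // NOTE(review): if this directory is served by the web server the jar (a live
    // session cookie) is downloadable — prefer a location outside the web root.
    $cookieJar = dirname(__FILE__).'\cookie.txt';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
    curl_setopt($ch, CURLOPT_URL, $this->url . $url);

    // Certificate and host-name verification stay on. The original disabled
    // CURLOPT_SSL_VERIFYPEER, which lets anyone on the network path impersonate
    // the server and read the credentials posted below.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 600);

    // count(null) raises a TypeError on PHP 8, and CURLOPT_POST is a boolean
    // switch rather than a field count, so POST is only enabled when there is
    // actually a body to send.
    if (!empty($fields)) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
    }

    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieJar);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieJar);

    $result = curl_exec($ch);
    $error = curl_errno($ch) ? curl_error($ch) : null;

    // Close before returning: the original curl_close() sat after both return
    // statements and was never reached.
    curl_close($ch);

    if ($error !== null) {
        return 'Curl error: ' . $error;
    }

    // print_r() echoes the body and its return value is passed back, as before.
    return print_r($result);
}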
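/**
 * Requests the AJAX login URL and returns the value of the 'bopsystoken' cookie
 * set by the response.
 *
 * NOTE(review): this request does not use the cookie jar, so the cookie it
 * reports belongs to a fresh session created by this request alone.
 *
 * @return string|null The cookie value, or null when the request fails or the
 *                     response does not set that cookie.
 */
private function getCookie()
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 600);
    curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
    curl_setopt($ch, CURLOPT_URL, $this->url.'/admin/ajax/login' );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure; the original fed that straight into
    // preg_match() and then read undefined array offsets.
    if (!is_string($result)) {
        return null;
    }

    // Inspect every Set-Cookie header, not only the first one, and stop each
    // capture at the end of its header line so a cookie without attributes
    // cannot swallow the lines that follow it.
    preg_match_all('/^Set-Cookie:\s*([^;\r\n]*)/mi', $result, $headers);
    foreach ($headers[1] as $pair) {
        parse_str(trim($pair), $cookies);
        if (isset($cookies['bopsystoken'])) {
            return $cookies['bopsystoken'];
        }
    }

    return null;
}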
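/**
 * Loads the login page and extracts the hidden "token" form field (the CSRF token).
 *
 * The request reads and writes cookie.txt next to this file. CodeIgniter's CSRF
 * check compares the posted token with the CSRF cookie sent on the same request,
 * so a token fetched without storing that cookie is rejected when it is posted
 * later with a different (or no) cookie.
 *
 * @return string|null The token value, 'Curl error: ...' on transport failure,
 *                     or null when the page contains no matching field.
 */
private function getToken()
{
    // Same path expression as the other requests that use the cookie jar, so all
    // of them share one file and therefore one server-side session.
    $cookieJar = dirname(__FILE__).'\cookie.txt';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER,0);
    curl_setopt($ch, CURLOPT_TIMEOUT, 600);
    curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
    curl_setopt($ch, CURLOPT_URL, $this->url.'/login' );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieJar);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieJar);

    $result = curl_exec($ch);
    $error = curl_errno($ch) ? curl_error($ch) : null;

    // Close before returning so the received cookies are flushed to the jar; the
    // original curl_close() was placed after the return statements and never ran.
    curl_close($ch);

    if ($error !== null) {
        return 'Curl error: ' . $error;
    }

    // Strip line breaks and tabs so the attribute pattern can match a tag that
    // was wrapped across lines.
    $html = str_replace(array("\n","\r","\t"), '', $result);
    if (preg_match('/type="hidden" name="token" value="(.*?)" /mi', $html, $token) !== 1) {
        // No token field in the response: report that instead of reading an
        // undefined array offset.
        return null;
    }

    return $token[1];
}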
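/**
 * Emits a <script> element that writes $e to the browser console.
 *
 * The value is encoded as a JavaScript string literal. The original concatenated
 * it raw between double quotes, so a value containing a quote or a closing
 * script tag could break out of the string and run as markup or script; the
 * values logged here come from a remote server's response.
 *
 * @param mixed $e Value to log; it is cast to string first.
 */
private function console($e)
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, and
    // json_encode() supplies the surrounding double quotes itself.
    $literal = json_encode(
        (string) $e,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
    echo '<script>console.log(' . $literal . ')</script>';
}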